{"id":239355,"date":"2026-06-20T06:07:50","date_gmt":"2026-06-20T11:07:50","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/06\/klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack"},"modified":"2026-06-20T06:07:50","modified_gmt":"2026-06-20T11:07:50","slug":"klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/06\/klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack","title":{"rendered":"Klue OAuth breach victim list grows as Icarus hackers claim attack"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack2.jpg\"><\/a><\/p>\n<p>Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers\u2019 Salesforce environments, as the new \u201cIcarus\u201d extortion group publicly claims the attack.<\/p>\n<p>The disclosure comes after cybersecurity firms <a href=\"https:\/\/www.huntress.com\/blog\/klue-breach-investigation\" target=\"_blank\" rel=\"nofollow noopener\">Huntress<\/a> and <a href=\"https:\/\/reliaquest.com\/blog\/threat-spotlight-integration-abused-in-crm-data-theft\" target=\"_blank\" rel=\"nofollow noopener\">ReliaQuest<\/a> detailed how attackers abused compromised Klue Battlecards integrations to steal Salesforce CRM data from multiple organizations.<\/p>\n<p>In a statement published this week, Klue CEO Jason Smith confirmed that the company discovered unauthorized activity on June 12 affecting part of Klue\u2019s integration infrastructure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers\u2019 Salesforce environments, as the new \u201cIcarus\u201d extortion group publicly claims the attack. The disclosure comes after cybersecurity firms Huntress and ReliaQuest detailed how attackers abused compromised Klue Battlecards integrations to steal [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-239355","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/239355","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=239355"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/239355\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=239355"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=239355"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=239355"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}